Bug Report
At EagleEye, powered by Bluedot Technology Ltd., we are committed to maintaining the highest security standards to protect our systems and our users. We understand that despite our best efforts, vulnerabilities may occur. This is why we encourage and welcome bug reports from ethical hackers, researchers, and users who contribute to our security by identifying potential threats. Your efforts to responsibly investigate and report bugs are highly appreciated and, where applicable, rewarded.
Guidelines for Bug Reporting
What to Report: We are interested in hearing about a variety of security vulnerabilities except for the following, which are currently out of scope:
- X-Frame Options,
- ClickJacking,
- Referrer-Policy,
- Strict-Transport-Security,
- Content-Security-Policy,
- HotLink Protection,
- Self XSS (Self-Cross-Site Scripting),
- Session Expiry.
In addition, we ask that you refrain from:
- Stress testing/DDoS attack testing,
- Reporting bugs that require an unreasonable amount of user interaction to exploit,
- Issues that have already been reported or are already known to us.
How to Report: If you've discovered a bug, please email us at S3cH0le at eesec dot org with the subject line "Bug Report for EagleEye". Please provide as much detail as possible, including:
- A clear description of the issue,
- Steps to reproduce the vulnerability,
- Any potential impact you believe the vulnerability may have.
Our Commitment:
- Responsiveness: We aim to acknowledge receipt of your report promptly and keep you informed about our progress toward addressing the bug.
- Confidentiality: To protect our users and systems, we ask that you do not disclose the bug to anyone other than us. All reports are to remain between the reporter and Bluedot Technology Ltd.
- Recognition and Rewards: For security-related bugs/vulnerabilities, we offer rewards and recognition as a token of our appreciation for your contribution to our security.
Ethical Considerations: We expect all bug reports to be conducted in an ethical manner. Investigations and reports should be made with a good faith effort not to disrupt or harm our services or users. Actions perceived as malicious rather than helpful could lead to different outcomes, including legal action.